Test ID:	1.3.6.1.4.1.25623.1.0.805388
Category:	Web application abuses
Title:	ClipBucket Multiple SQL Injection Vulnerabilities
Summary:	ClipBucket is prone to multiple sql injection vulnerabilities.
Description:	Summary: ClipBucket is prone to multiple sql injection vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - 'user_contacts.php' and 'view_channel.php' scripts are not properly sanitizing user-supplied input via the 'user' parameter. - 'ajax.php' script is not properly sanitizing user-supplied input via the 'uid', 'id', 'cid', and 'ci_id' parameters. - 'view_page.php' script not properly sanitizing user-supplied input to the 'pid' parameter. - 'view_topic.php' script is not properly sanitizing user-supplied input to the 'tid' parameter. - 'watch_video.php' script is not properly sanitizing user-supplied input to the 'v' parameter. Vulnerability Impact: Successful exploitation will allow remote attackers to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Affected Software/OS: ClipBucket version 2.6 Revision 738 and earlier. Solution: Apply the patch from the referenced link. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-5849 BugTraq ID: 56854 http://www.securityfocus.com/bid/56854 Bugtraq: 20121207 Multiple SQL Injection vulnerabilities in ClipBucket (Google Search) http://archives.neohapsis.com/archives/bugtraq/2012-12/0056.html http://archives.neohapsis.com/archives/bugtraq/2012-12/0063.html http://www.exploit-db.com/exploits/23252 https://www.htbridge.com/advisory/HTB23125 http://osvdb.org/88175 http://osvdb.org/88176 http://osvdb.org/88177 http://osvdb.org/88178 http://osvdb.org/88179 http://osvdb.org/88180
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.